VYPR
Vendor

Crocoblock

Products
16
CVEs
78
Across products
78
Status
Private

Products

16

Recent CVEs

78
View all 78 CVEs →
  • CVE-2025-49931CriOct 22, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.

  • CVE-2023-39157CriDec 31, 2023
    risk 0.59cvss 9.0epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10.

  • CVE-2024-7146HigAug 16, 2024
    risk 0.57cvss 8.8epss 0.01

    The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and…

  • CVE-2023-48757HigMay 17, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.

  • CVE-2024-37497HigJul 9, 2024
    risk 0.50cvss 7.7epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore jet-theme-core.This issue affects JetThemeCore: from n/a through < 2.2.1.

  • CVE-2026-3496HigMar 11, 2026
    risk 0.49cvss 7.5epss 0.00

    The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…

  • CVE-2025-49921HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.

  • CVE-2025-39449HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.

  • CVE-2025-39447HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.

  • CVE-2025-39396HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 2.3.6.

  • CVE-2025-26953HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9.

  • CVE-2025-26958HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.

  • CVE-2025-26944HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.

  • CVE-2025-26942HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.

  • CVE-2025-22279HigApr 10, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist jet-compare-wishlist allows PHP Local File Inclusion.This issue affects JetCompareWishlist: from n/a through <= 1.5.9.

  • CVE-2025-31016HigMar 31, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows PHP Local File Inclusion.This issue affects JetWooBuilder: from n/a through <= 2.1.18.

  • CVE-2025-49930HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10.

  • CVE-2023-48758HigJan 2, 2025
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4.

  • CVE-2026-24958MedFeb 3, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.12.2.

  • CVE-2025-68499MedDec 30, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through <= 2.2.12.